Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?

We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?

European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?

Before that, I've been a tenured research scientist at the Information Security and Cryptography group of IBM Research - Zurich as well as IBM Corporation's Research Relationship Manager for Privacy and director of IBM's Privacy Research Institute (PRI).

I've been leading an initiative to establish anonymous credential systems on electronic identity cards, more generally on the Java Card platform. We coined this Smart Identity Card, and contributed it to the FP7 EU project PrimeLife. Whereas we follow the same goal of strong authentication combined with privacy, the Java Card's trust model, limited access to crypto primitives and resource constraints make this a challenge. The system must be secure in face of untrusted terminals and, thus, cannot easily delegate computation to a more powerful device and still achieve practical response times with secure keys. Nevertheless, we were the first to establish a practical and autonomous anonymous credential system on a standard Java Card (on a JCOP 41/v2.2 to be precise).